Tuesday, May 10, 2016

Snort Subscriber Rule Set Update for 05/10/2016, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 05/10/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 90 new rules and made modifications to 7 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Security Bulletin MS16-051:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38763 through 38764, 38780 through
38781, 38828 through 38829, and 38841 through 38842.

Microsoft Security Bulletin MS16-052:
A coding deficiency exists in Microsoft Edge that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38776 through 38777 and 38805
through 38806.

Microsoft Security Bulletin MS16-053:
A coding deficiency exists in Microsft JScript and VBScript that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38828 through 38829.

Microsoft Security Bulletin MS16-054:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38782 through 38783 and 38785
through 38786.

Microsoft Security Bulletin MS16-055:
A coding deficiency exists in Microsoft Graphics Component that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38768 through 38773, 38797 through
38798, and 38816 through 38817.

Microsoft Security Bulletin MS16-056:
A coding deficiency exists in Microsoft Windows Journal that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38810 through 38815.

Microsoft Security Bulletin MS16-059:
A coding deficiency exists in Microsoft Windows Media Center that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38778 through 38779.

Microsoft Security Bulletin MS16-060:
A coding deficiency exists in the Microsoft Kernel that may lead to an
escalatin of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38803 through 38804.

Microsoft Security Bulletin MS16-061:
A coding deficiency exists in Microsoft RPC that may lead to an escalation of
privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38839 through 38840.

Microsoft Security Bulletin MS16-062:
A coding deficiency exists in Microsoft Kernel-Mode drivers that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 38759 through 38762, 38765 through
38766, 38774 through 38775, 38787 through 38788, 38801 through 38802, and 38808
through 38809.

Talos has added and modified multiple rules in the browser-ie, exploit-kit,
file-flash, file-image, file-office, file-other, file-pdf,
indicator-compromise, malware-cnc, os-windows, policy-other and server-webapp
rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://www.snort.org/products. Make sure and stay up to date to catch the most emerging threats!